
Strategy+: Shape your IT Risk Management 2020 agenda with these 6 key focus areas

In previous posts, I discussed how strategic alignment between IT, the business and compliance is never achieved by accident. To communicate a shared vision among the leadership, management needs to use a set of communication tools that outline the focus areas the organization must address. To close the alignment gap, I previously introduced the Strategic Alignment Framework (SAR) tool; the SAR framework examines the organization’s set of initiatives across four areas (quadrants): Process Improvements, Technology Enablement, People Planning and Risk Management.

As part of the risk management quadrant within the SAR tool, I want to outline the common activities that management needs to think about for 2020.

In this post, I share the top 6 key risks and focus areas that risk management professionals need to address for 2020:

1. Managing Privacy and Data Protection compliance requirements

  • As data-driven projects gain more traction, compliance with data security and privacy laws needs to be addressed effectively, including GDPR, CCPA and PCI DSS v4 (anticipated for release in 2020).
  • With data protection laws on the rise, continuous privacy assessments are critical for companies that want to avoid regulatory fines; managing data risks will be new to many organizations, and it will affect how their business processes are designed.
  • Risk management professionals, together with the business owners, will need to establish and monitor their data protection and privacy programs. Identifying the critical data elements is the first step toward a high-maturity data governance model; this data inventory helps the business understand current data flows and usage, so that the laws applicable to each data asset can be mapped to it.
2. Addressing inherent risks introduced by the intelligent enterprise (RPA, AI and Blockchain)

  • Building an intelligent enterprise is a mission-critical goal. To create a competitive advantage from new technologies, companies need to productize their ideas fast, which means shorter design phases and faster deployments, and it is key for these projects to reach break-even quickly. Rapid deployment can undermine the effective management of business and compliance risks if those risks are not properly defined up front.
  • Active oversight by the risk management and compliance function helps ensure that intelligent enterprise initiatives (e.g. RPA, AI, IoT and Blockchain) are properly designed and implemented; specifically, that the associated risks are identified, evaluated and mitigated to an acceptable level of risk tolerance.
  • Risk and compliance professionals need to play an active role in reviewing the alignment of intelligent initiatives with the organization’s strategic compliance goals, including reviewing how the inherent risks introduced by these emerging technologies are identified and resolved.
3. Investing in an advanced and intelligent compliance management solution

  • Investing in compliance solutions needs to be on the agenda in order to drive compliance activities that are both high-quality and cost-effective. Regulations and compliance requirements will only increase in the years to come; as such, building and deploying an integrated, complete GRC solution with continuous monitoring and testing capabilities will be in high demand.
  • Using emerging technologies (e.g. data analytics, RPA and IA technologies), the risk management and compliance function will be able to identify in real time the risks and remediation measures associated with any control weakness against any compliance or operational requirement.
  • To limit the negative impact of compliance activities on business operations, risk professionals will need to start investing in and leveraging technologies that improve assessment quality, reduce compliance costs, and expand risk scope and coverage.
4. Addressing risk mitigation requirements for cloud and ERP transformation projects

  • The pressure is increasing to maintain state-of-the-art efficiency and quality in processing operational and back-office activities. Migrations to cloud-based solutions and ERP transformation projects are on the rise for 2020 because they provide leading-edge technologies that support operational activities at the highest level, including a better return on investment.
  • Without involving risk management professionals up front, projects might not achieve their objectives because the impact of these large-scale transformations on all of the organization’s components (technology, process, data and people) is downplayed.
  • An end-to-end IT governance structure is needed when making benefit realization, risk mitigation and resource allocation decisions. IT risk management professionals need to play an active role in establishing an appropriate IT governance structure that improves the effectiveness of the operational, regulatory and compliance controls within the organization.
5. Validating the effectiveness of cybersecurity countermeasures and business continuity plans

  • Companies face cyberattacks every day, and the frequency of such incidents will continue to rise. Given the significant impact of these attacks, cybersecurity will remain on the mission-critical list for the board and executives.
  • Cybersecurity spans many domains, including business continuity, third-party vendor management, cloud solutions and many others. To develop appropriate countermeasures, risk management professionals will need to review the company’s cybersecurity programs holistically and help establish effective solutions.
  • Many risk management professionals will need to take the lead in developing, executing and continually testing and tuning disaster recovery plans and business continuity procedures, so as to assess the effectiveness of crisis response plans and the organization’s readiness to follow them (e.g. in a ransomware attack).
6. Developing an effective learning journey to drive higher-quality assessments

  • Technologies and processes are becoming more diverse and complex in order to deliver new benefits to companies. However, these new technologies introduce new risks and new ways of testing. The search for talent, highly skilled subject matter specialists and key management personnel is challenging. Risk management functions need to invest heavily in recruitment, professional development and retention programs.
  • Risk management and internal audit functions need to act as strategic partners, giving the business insight into how to manage business and compliance risks effectively and efficiently without adversely impacting business operations.
  • Many risk management leaders, including the C-suite, will need to assess their learning programs against the needs of internal audit. The key will be to remain highly involved in the retention and learning programs for risk management professionals (e.g. staff rotation into the business, certification-based programs and on-the-job training investments).

Bringing it all together

As companies continue to move forward with intelligent business models, comply with regulatory requirements, and manage technological and business change, risk management professionals need to play a leading role in helping the business manage risks more effectively and efficiently. Planning to tackle the six topics above in 2020 is a step toward an effective, efficient and compliant environment.
